1378 matches found
CAN-2005-0159
CVE-2005-0159 affects the Debian toolchain-source package (tpkg-* scripts) where insecure temporary file usage allows a local attacker to overwrite arbitrary files via a symlink attack. The Debian security advisories (DSA-679-1) document that the fix is available in toolchain-source versions 3.0....
CAN-2004-1180
CVE-2004-1180 affects the rwhod daemon in netkit-rwho on little-endian architectures, with a remote denial-of-service possible due to missing input validation in versions before 0.17. The Debian DSA mentions fixed releases (0.17-4woody2 for woody and 0.17-8 for sid); other OpenVAS/NASL entries co...
CAN-2005-0448
CVE-2005-0448 is a race condition in Perl's File::Path::rmtree that could allow a local user to create setuid binaries or delete arbitrary files via a symlink attack. Connected advisories confirm this issue as the original rmtree race (not a remote exploit) and note it has been reintroduced in ce...
CAN-2005-0205
CVE-2005-0205 is a local privilege issue in KDE’s kppp component within the kdenetwork package. The vulnerability stems from a design flaw where kppp leaks privileged file descriptors before exec, allowing a local attacker to read/write privileged descriptors and subsequently modify /etc/hosts or...
CAN-2005-0073
CVE-2005-0073: A buffer overflow in queue.c in sympa 3.3.3 (when running setuid) can allow a local user to execute arbitrary code. Public references describe this as a local privilege escalation vulnerability in Sympa; affected releases include sympa prior to 4.1.3. Mitigation in the cited OpenVA...
CAN-2005-0085
CVE-2005-0085 relates to a cross-site scripting vulnerability in htdig that can be exploited remotely. Public records in connected documents show multiple advisories across distros: Debian: DSA-680-1 and a corresponding Debian security advisory entry for htdig. SUSE: exists as a security update f...
CAN-2005-0100
The connected documents tie CVE-2005-0100 to Emacs across multiple advisories (Debian DSA-671-1, SLES9 Emacs update, Gentoo GLSA 200502-20, FreeBSD ports, Gentoo/Debian entries in OpenVAS). They provide CVSS context (base 7.5, vector AV:N/AC:L/Au:N/C:P/I:P/A:P) in OpenVAS entries, and mention upd...
CAN-2005-0363
CVE-2005-0363 affects AWStats (notably versions AWStats 4.0 and 6.2) where remote attackers can execute arbitrary commands via shell metacharacters in the config parameter, due to inadequate input sanitisation. The issue is a CGI/plugin input handling problem in AWStats, enabling remote command e...
CAN-2005-0107
The CVE-2005-0107 issue affects bsmtpd (a batched SMTP mailer used with sendmail/postfix) where 2.3 and earlier do not properly sanitize e-mail addresses, allowing remote command execution. Public advisories (e.g., Debian DSA-690-1) note remote exploitation and provide fixed packages (e.g., bsmtp...
CAN-2005-0099
CVE-2005-0099 concerns the SDL port of Abuse (abuse-SDL). The advisory detail shows that abuse-SDL before version 2.00 does not drop privileges when creating certain files, allowing local users to create or overwrite arbitrary files. Affected context includes Debian (DSA-691-1) and SUSE entries t...
CAN-2005-0152
CVE-2005-0152 concerns SquirrelMail 1.2.6. The vulnerability allows remote code execution through URL manipulation, by exploiting an unsanitised input/URL handling, enabling arbitrary code execution with typical web server privileges (e.g., www-data). This is a remote, client-side input handling ...
CAN-2005-2240
CVE-2005-2240 affects xpvm (Graphical console for PVM); xpvm.tcl in xpvm 1.2.5 allows local users to overwrite arbitrary files via a symlink attack on the xpvm.trace.$user temporary file. Debian and OSV/OpenVAS entries confirm the vulnerability; fixes exist in xpvm 1.2.5-7.3sarge1 (and 1.2.5-7.2w...
CAN-2005-0386
CAN-2005-0386 corresponds to a cross-site scripting (XSS) vulnerability in mailreader, reported as a remote issue that affects displaying messages with MIME types text/enriched or text/richtext. Public sources in the connected set identify mailreader before version 2.3.29 as vulnerable, with succ...
CAN-2004-0957
CVE-2004-0957 is cited across multiple connected advisories (Ubuntu USN-32/109, SLES9 MySQL updates, FreeBSD ports) as part of historical MySQL vulnerabilities. Documented info shows it co-occurs with advisories requesting updates or patches to MySQL components; CVSS scores in these entries range...
CAN-2005-1109
CVE-2005-1109 refers to JunkBuster, a HTTP proxy. The vulnerability (affecting JunkBuster before version 2.0.2-r3) arises from heap corruption due to inconsistent use of an internal function, enabling remote attackers to crash the daemon and potentially execute arbitrary code. Impact is a remote ...
CAN-2005-0017
The provided OpenVAS/Gentoo/Debian/FreeBSD entries identify CVE-2005-0017 and, in some cases, CVE-2005-0018, as vulnerabilities in the f2c utility (Fortran-to-C translator). Technical details across the connected docs indicate the issue is related to insecure temporary file handling in f2c, which...
CAN-2004-1341
CVE-2004-1341 is a cross-site scripting (XSS) vulnerability in info2www, due to missing input sanitising. The issue affects info2www prior to version 1.2.2.9, with fixed versions in Debian as 1.2.2.9-20woody (woody) and 1.2.2.9-23 (sid). Debian DSAs (DSA-711-1) document remote exploitation via cr...
CAN-2005-0472
GAIM (multi-protocol IM client) is affected by two remote issues: (1) a SNAC packet handling flaw that can trigger an infinite loop/deny‑of‑service, and (2) malformed HTML/SNAC input leading to client crashes or hangs. CVE-2005-0472 covers the SNAC‑based DoS; CVE-2005-0473 is associated with HTML...
CAN-2005-0870
CVE-2005-0870 is associated with phpsysinfo, a PHP-based host-information utility, as reflected in multiple advisories (e.g., Debian DSA-724/897/898 and OpenVAS entries). The connected documents describe several issues: cross-site scripting (XSS) vulnerabilities (CVE-2005-0870) and related proble...
CAN-2005-0739
Technical details for CVE-2005-0739 are not publicly available in the provided documents. Monitor for updates.